The present disclosure relates to electronic devices and, more particularly, to user interfaces for portable electronic devices.
Passwords remain the dominant approach for user authentication by computer systems because of their simplicity, legacy deployment and ease of revocation. Unfortunately, common approaches to entering passwords by way of keyboard, mouse, touch screen or any traditional input device, are vulnerable to attacks such as shoulder surfing and password snooping.
Shoulder-surfing is an attack on password authentication that has traditionally been hard to defeat. It can be done remotely using binoculars and cameras, using keyboard acoustics, or embedded keystroke tracking software. Access to the user's password simply by observing the user entering a password undermines the effort of encrypting passwords and protocols for authenticating the user securely. To some extent, the human actions when inputting the password are the weakest link in the chain.
Biometric authentication approaches, which identify individuals based on physiological characteristics, have the advantage that they are harder to replicate and therefore are not susceptible to the risks of shoulder surfing. However, biometric techniques suffer from the drawback that physiological characteristics are nonsecret and non-revocable. While it is easy for a user to change a password, it is perhaps not possible for the user to change a fingerprint.